Link to home
Start Free TrialLog in
Avatar of MSGK161091
MSGK161091Flag for Australia

asked on

Desktop infected with http://search.conduit.com/

Seems I got virus on my desktop , and I need help getting it removed.
While on computer using IE or Mozilla Firefox, I get redirected to the link below which is the most common of re-directions:
http://search.conduit.com/
I know nothing about this site, nor have I ever visited it (willingly).
It says it's powered by Google.
Someone mentioned to me that they checked out SEARCH.CONDUIT (which is included in the link above) and that it is some form of hijacker.
My computer has all the symptoms of an attack by search.conduit

I ran AVAST virus scan (which found nothing), and then I ran MALWAREBYTES ANTI-MALWARE (which nothing showed). First time MALWAREBYTES removed around 6 - 10 infected files but since everytime I run it says no issues found. But I am sure my desktop is under attack.

And also due to which my PC running DAM slow.
Would you please take a look?
SOLUTION
Avatar of Lance_P
Lance_P

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Try looking in add/remove programs list, you might find conduit there.

Alternatively, look within the browser extensions and uninstall the un-needed browser extension.

Thanks.
Avatar of MSGK161091

ASKER

hi
i tried to reset as u said in firefix but still it ooens that site. IE seems ok as i see it opens google as home page
Avatar of beersince1978
beersince1978

Once you remove malware - it's a good practice to set your automatic updates to be downloaded and installed on weekly basis - this will improve your system immunity to such events. Make sure your browsers are up to date too. Good luck.
MSGK161091,
  Goto add remove programs and unsinstall firefox.

Delete any folders from the program files folder.

Reinstall the new version

Make sure you run spybot to clean the registry.
Good, now that IE is ok. Let's work on firefox (I have firefox 3.6.15 on my pc, so including instructions from that version):

Tools->Add ons -> locate Conduit within Browser Extensions or Plugins and disable/uninstall.

Restart firefox to see the effect.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of Sudeep Sharma
Sudeep Sharma
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi warturtle

I have checked there is nothing for  Conduit in Add/remove programs nor in brower extenstions.

Hi Lance_p

I am reseting my brower again and this time runing spybot as u suggested, I will let u know.
MSGK161091,
Conduit will sometimes be started by a program with a different name.
In addition to the advice above, look through ALL of the programs in the Add/Remove Programs applet and make sure that you know what each one is.

You should also look through your "Programs" folder and do the same check.

Click on the START button, then click on RUN, and type in MSCONFIG. Look through the Startup list and check again.

If you aren't sure what a program is/does, you can do a quick Google search or post the info back here.

What exact OS are you running?
Have you tried resetting the browser home page to something else??? It could be that Conduit is already out, but the homepage is still conduit.com, so that opens by default.
Hi Lance_P

I ran spybot , it found few files infected and clean but when I ran again it found and cleaned but page was still opening after I reset firefox and chang homepage to Google. Seems spybot was not hard  enough to remove these

Hi warturtle

I ran EST cleaner and it found 15 threats & removed , which I have attached below . Please have a look.

Hi Younghv

I didn't found any thing in add/remove program neither in any of Program files folder.

Hi Ssharma

I ran OLT as you have said and attached OTL and Extra files here. Please find
threatsfound.ESTCleaner.txt
OTL.Txt
Extras.Txt
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Hi Ssharma

As you have requested, I ran  runfix with the given code by you. please the attachment for the  outcome.
olt-runfixes.txt
@MSGK161091,

So how's system working right now? Further issues?
Hi Guys
Now my system working fine. no more opening that annoying search page. Happy to be here at EE and part of it. I agree with the  administrative comment that EE experts are qualified and capable to fix the issues, we are not required to go anywhere.  

Thanks guys . Special thanks to  Ssharma/Warturtle.   I believe OLT , as well as EST scanner helped to removed this annoying search conduit page from my system.
I just removed Conduit.  It had a redirect in the hosts files which I removed.  Also, the browser toolbar was "disguised" in Add/Remove Programs.  It had a generic sounding name which I have already forgotten.  I found it by looking through the list of installed programs and looking for publisher I did not recognize.